Smooth Out Win2k3 with These Stocking Stuffers

Sometimes it's the little things that count. Here are three stocking stuffers from Microsoft that can help you check in on your Win2k3 server's performance, track down bandwidth hogs, and comb through the logs looking for that elusive performance hit.

By Drew Bird | Posted Dec 23, 2004
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

With the holiday season upon us, we thought we'd give you a few gifts in the form of utilities that you can use to keep your Windows server running smoothly. OK, so in reality the gifts are not from us, they are from Microsoft, but our gift is pointing you in the right direction. Hey, it's the thought that counts!

Server Performance Advisor

The first tool on our list is the Server Performance Advisor (SPA). This is a great tool you can use to find out whether your server is running properly, and get some pointers on what components or services you should look at if it is not.

The tool is available for download as an .msi package.

When you first run SPA, the application offers a Quick Tour, which is a great way to get a feel for how the data is collected and reported. After the initial analysis, which takes place over the course of 100 seconds, the SPA tool provides a snapshot of the current performance state of your server. In addition to manual data collection, like that triggered by the Quick Tour, the SPA tool provides a fully configurable scheduling system so that you can collect data on a recurring basis. You can see an example of the information generated by the SPA data gathering process in Figure 1.

Figure 1.
(Click for a larger image)

SPA uses 'Data Collector' groups to define what information is retrieved, and from what service areas of the server. There are seven predefined collector groups, including ones for Active Directory, Internet Information Services, the file system, and print spooler. Within each collector group a number of performance counter definitions dictate the information retrieved during an SPA report. The range of performance counters associated with a collector group and report can be reconfigured as necessary.

In order to interpret the information collected during the report process, SPA uses a set of rules that defines acceptable thresholds for elements of the system. In some cases the rules simply determine what constitutes a high or low value for a given counter. In other instances they also include guidance on what steps can be taken to correct a certain condition, or an explanation as to why a certain counter may be of concern.

Port Reporter

The Port Reporter is a simple utility that lets you see what users, applications and services are sending traffic through TCP and UDP ports on your server. It's the kind of information that has a multitude of uses when it comes to tightening up firewall security, or tracking down that annoying application (or user) that's hogging all the network bandwidth.

There are two parts to the Port Reporter. The application itself, which runs as a service on your Windows 2000, Windows XP, or Windows Server 2003 system, can be downloaded from Microsoft's site. To read the information generated by the Port Reporter, you will also need the Port Reporter Parser tool. The Port Reporter tool comes as a self-extracting zip file that contains a command line installation tool. The zip file for the Parser tool contains a .msi file which installs the application and creates a Start menu shortcut.

Once installed, you'll need to start the Port Reporter service from within Control Panel, Services, before any data is generated. As with other performance monitoring applications, you might not want to run the Port Reporter service all the time. On a production server it's probably better to start and stop the service manually, rather than leaving it on all the time or configuring it to start automatically.

Once Port Reporter service is running, information is logged to three files, which are stored in %Systemroot%\System32\logfiles\PortReporter folder. You can view the files directly in Notepad or use the Port Reporter Parser tool discussed earlier. We highly recommend the Reporter Parser tool over Notepad for reasons that will become very apparent after you have viewed the log files in plain text format.

The Port Reporter Parser tool, which after installation is launched from a shortcut on the Start menu, is a basic application that takes the information recorded in the Port Reporter log files and displays it in an easy to read 'spreadsheet' style format. You can see an example of the Port Reporter Parser tool in figure 2.

Figure 2.
(Click for a larger image)

In addition to the basic reporting function, there are a number of features, accessed from the Tools menu, such as the ability to apply criteria to the report. You can also create a Log Analysis of the data that allows you to view information such as which users are responsible for what proportion of port usage, what processes are using what ports, and a wide range of other port related information.

Event CombMT

The last utility on our list is one that lets you search Event Viewer log files.

OK, so that might not seem exciting straight away, but you would be surprised at just how often the key that unlocks the mystery behind why your server is slow (or worse) can be found in an Event Viewer log file. The problem is that it's sometimes hard to find the records related to your issue, particularly with only the rudimentary search feature in the Event Viewer console.

Event CombMT changes all that with a highly sophisticated search interface that lets you look for specific events by ID number, events that fall within a range of event ID's, as well as events based on type. You can even search Event Viewer logs from multiple servers at one time.

To use EventCombMT, first download the utility from the Microsoft Website. The tool is not available for download on its own, and is instead included in the Account Lockout Tools executable file. Although our focus here is on EventCombMT, you'll also get a number of other useful tools as part of the download.

At first, the basic EventCombMT interface, as shown in Figure 3, can look somewhat complex. In reality it is really quite straightforward to use. First determine those systems you want to search by right-clicking the 'Select to Search/Right Click to Add' area of the main screen. Then, choose the Log files and Event types that you want to include in the search. Finally, specify the event ID's, Source, or text, that you want to look for and hit the Search button.

Once the search is complete, results are written to a text file in a folder on the local system. You can see the current path for the log files, and specify a different path, by clicking the Options menu and then choosing Set Output directory. While you are in the Options menu, it's worth taking a moment to familiarize yourself with the myriad of other configurations choices you have.

Figure 3.
(Click for a larger image)

Once defined, searches can be saved for future use. In addition, there are a number of predefined queries that can be accessed from the Searches menu including Disk Errors and Account Lockouts.

Summary

So there you have it – three freebies from Microsoft you can use to find out if and why your Windows Servers aren't running as well as they should be. Admittedly you might get more exciting gifts this holiday season, but these tools might give you one gift you can't find under a tree - some peace of mind.

Merry Christmas & Happy Holidays!

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter